Papers by Manmeet Mahinderjit Singh
With the advent of pervasive and ubiquitous mobile devices, the Bring Your Own Device (BYOD) trend is steadily gaining traction amongst many corporations, allowing the extensive utilization of mobile devices in handling work-related data. However, there are several drawbacks to this approach, one of which is the risk resulting from the occurrence of Advanced Persistent Threat (APT). The goal of APT is to exfiltrate and leak important and sensitive corporate information through exploitation of vulnerabilities within the BYOD environment. This paper addresses the APT issue via spear phishing attacks within the BYOD environment, through the mediation provided by security policies. The devising of Mandatory Access Control (MAC) security policies using ACPT, which includes the implementation of environment attributes along with the specification of proposed policy rules for organizations, is proven to be the most suitable policy mechanism for the BYOD environment. Guidelines for mitigating APT via spear phishing are briefly discussed as well.
Keywords: Security policy; Spear Phishing; Access Control Policy Tool (ACPT); OWASP risk rating methodology
RFID-enabled supply-chain systems are in an open-system environment, where different organisations have different business workflows and operate on different standards and protocols. This supply-chain environment can only be effective if the partners can trust each other and be collaborative. Besides that, counterfeiting is a challenging issue in RFID Supply-Chain Management (SCM). On the basis of an analysis of the traditional trust framework in SCM, this paper proposes a seven-layer RFID trust framework. An example of integration of our trust framework with SCM systems is presented. A taxonomy of cloning threats and solutions is also presented.
Trust management in an open RFID system environment is a nontrivial problem, where different organizations have different business workflows and operate on different standards and protocols. Open RFID systems can only be effective if the systems can trust each other and be collaborative. The open system environment is also constantly evolving, so the trust and the collaborations need to be constantly maintained to cope with changes. RFID is becoming a ubiquitous computing technology imposing security and privacy threats. Counterfeiting in supply chain management is an attack with cloned and fraudulent RFID tags in order to gain illegal benefits. In this paper we extend our previous work on a trust framework and construct a computational model for trust management. The trust evaluation is built into the transaction process of data exchange and authorization in order to facilitate better data sharing and access control. An example of wine counterfeiting is presented, and we show how our computational trust model helps in reducing fraudulent brands of wine in supply chain management (SCM).
This is an era of quality management, and quality is a parameter for the selection of a product or service because the customer wants a defect-free product or service. Six Sigma is a quality improvement approach that aims to reduce the number of defects up to 3.4 parts per million. In the last three decades, it has helped several companies to enhance the capability of their processes and to increase the level of quality of their product or service. This case-study based research deals with the application of the DMAIC (Define, Measure, Analyze, Improve and Control) methodology of Six Sigma to reduce machine downtime for process improvement. The tools and techniques used during the analysis are Process Mapping (SIPOC Diagram), Process Flow Chart, Process Capability Analysis, Histogram, Pareto Chart, Pie Chart, Cause and Effect Diagram, Brainstorming, Affinity Diagram and ANOVA. The results of this study show that the sigma value has improved from 2.79 Sigma to 2.85 Sigma. This study also highlighted the five critical problems (reasons) of downtime, which are Electricity Problem, Shortage of Material, Quality Issues, Machine Fault and Reactive Maintenance. The valuable principles and practices of Six Sigma will do well by continuously refining the organizational culture. Time and commitment are both required and compulsory to bring a change in culture before they are strongly implanted into the organization. I do assure that this research study will provide opportunities to organizations for the better implementation of Six Sigma projects.
The usage of mobile organizers today is increasing with the advent of smart mobile phones and the higher need for daily organizational skills. Most of the current research on mobile organizers highlights that most users, especially university students, rely on the application as an effective tool to manage their daily activities. A mobile organizer application is software that acts as a personal assistant for users to help them manage their time and activities. In the Malaysian context, the usage of these applications among university students has not been explored in depth. The aim of this paper is to initially explore the current usage of mobile organizers within a Malaysian university, specifically Universiti Sains Malaysia. There are a number of requirements that a mobile organizer application should fulfil in order to be effective for users. To identify these requirements, an initial survey was conducted; the requirements would then be incorporated into the development of a mobile organizer suitable for Malaysian university students.
Near-Field Communication or NFC is a new technology that was introduced in recent years. However, even with the simplicity and security that the technology provides, the adoption of this technology is not widespread. In this paper, we describe the user-friendliness criteria essential for NFC technology through a proposed library system. To determine the criteria of user-friendliness for the technology, we conducted a survey on the understanding and usage of different users that would be exposed to a library system. The survey included questions about the existing library system (OPAC) and their perception of the NFC technology. Based on the results, we managed to identify that the OPAC system is not a user-friendly library system. Further, we have also identified that there are three main user-friendliness criteria deemed necessary by users for an NFC-enabled library system to be more effective than the OPAC system: usability, security and efficiency.
In most universities or colleges, the lecturer has to take the attendance of the students manually by circulating a paper for them to register their names or by calling the names. To date, there are various types of attendance systems that apply different technologies such as biometrics, tokens and sensors such as RFID. The latest applies near-field communication (NFC), where a sensor within the smartphone is used as a means for recording attendance. The aim of this paper is to list the possible security attacks against NFC (Near Field Communication) enabled systems by focusing on a student-based attendance system. A brief overview of NFC technology and a discussion of various security attacks against NFC in different media are presented. Overall, an attendance system is compromised mainly by tag swapping, tag cloning and manipulation of data occurring on the NFC device and operational server.
Lecture Notes in Computer Science, 2015
The Bring Your Own Device (BYOD) concept has become popular amongst organizations. However, due to its portability and the information available through social networks, BYOD has become susceptible to information stealing attacks such as the Advanced Persistent Threat (APT) attack. APT attack uses tricky methods in getting access into the target’s machine and mostly motives and stand as a threat to politics, corporate, academic and even military. Various mitigation techniques have been proposed for tackling this attack, but most of them rely on available information about the attacks and do not provide data protection. Hence, it is challenging to provide protection against APT attacks. In this paper, we investigate the available mitigation techniques and their problems in tackling APT attacks by looking at the root cause of the attack inside the BYOD environment. Lastly, based on the information obtained, we propose a new framework for reducing APT attacks.
International Journal of Network Security & Its Applications, 2015
Online Social Network (OSN) has become the most popular platform on the Internet that can provide interesting and creative ways to communicate, share and meet with people. As OSNs mature, issues regarding proper use of OSNs are also growing. In this research, the challenges of online social networks have been investigated. The current issues in some of the Social Network Sites are studied and compared. Cyber criminals, malware attacks, physical threat, security and usability and some privacy issues have been recognized as the challenges of the current social networking sites. Trust concerns have been raised and the trustworthiness of social networking sites has been questioned. Currently, trust in social networks uses the single-faceted approach, which is not well personalized and doesn't account for the subjective views of trust according to each user, but only the general trust beliefs of a group of the population. The trust level towards a person cannot be calculated and trust lacks personalization. From our initial survey, we found that most people can share their information without any doubts on OSN, but they normally do not trust all their friends equally and think there is a need for trust management. We found mixed opinions in relation to the proposed rating feature in OSNs too. By adopting the idea of a multi-faceted trust model, a user-centric model that can personalize the comments/photos in a social network with the user's customized traits of trust is proposed. This model can probably solve many of the trust issues towards social networking sites with personalized trust features, in order to keep the postings on social sites confidential and preserve their integrity.
Radio frequencies refer to the electromagnetic energy with which we transmit the identification information from tags to their reader. Radio Frequency Identification (RFID) transmits the data without line of sight. RFID tags are small, wireless devices that help identify items automatically, indicating a unique serial number for each item. However, counterfeiting in supply chain management, such as cloned and fraudulent RFID tags, has an impact on the organization and society when attackers want to gain illegal benefits. Organizations lose a lot of money and trust from users when counterfeiting occurs. Furthermore, the nature of RFID data raises issues: RFID carries only simple information, data arrives in a flood, data from RFID readers is inaccurate, and it is difficult to track space and place. We propose to use clustering algorithms in order to detect counterfeits in supply chain management. We apply various clustering algorithms to analyze and determine every attribute in the dataset structure pattern. Based on the evaluation that has been done, we found that Farthest First is the best algorithm for 1000 (small data) and 10000 (bigger data). However, the values of false negatives in the data are still quite high, and it is dangerous if the RFID scanner misreads cloned or fraudulent tags as genuine tags. Hence, we applied cost algorithms to reduce false negative values.
The stream cipher Salsa20 and its reduced versions are among the fastest stream ciphers available today. However, Salsa20/7 is broken and Salsa20/12 is not as safe as before. Therefore, Salsa20 must completely perform all of the four rounds of encryption to achieve a good diffusion in order to resist the known attacks. In this paper, a new variant of Salsa20 that uses the chaos theory and that can achieve diffusion faster than the original Salsa20 is presented. The method has been tested and benchmarked with the original Salsa20 with a series of tests. Most of the tests show that the proposed chaotic Salsa of two rounds is faster than the original four rounds of Salsa20/4, but it offers the same diffusion level.
An attendance system is a system that is used to track the attendance of a particular person and is applied in industries, schools, universities or workplaces. The traditional way of taking attendance has drawbacks: the data of the attendance list cannot be reused, and tracking and tracing students' attendance is harder. Technology-based attendance systems, such as sensor-based and biometrics-based attendance systems, reduce human involvement and errors. Thus in this paper, an NFC-based attendance system is presented. A comparative study between NFC and RFID is also discussed thoroughly, especially in terms of their architectures, functionality features, benefits and weaknesses. Overall, even though both NFC and RFID attendance systems increase the efficiency of recording attendance, the NFC system provides more convenience and cheaper infrastructure in both operational and setup cost.
Computer Science & Information Technology (CS & IT), 2014
Online Social Network (OSN) has become the most popular platform on the Internet that can provide interesting and creative ways to communicate, share and meet with people. As OSNs mature, issues regarding proper use of OSNs are also growing. In this research, the challenges of online social networks have been investigated. The current issues in some of the Social Network Sites are studied and compared. Cyber criminals, malware attacks, physical threat, security and usability and some privacy issues have been recognized as the challenges of the current social networking sites. Trust concerns have been raised and the trustworthiness of social networking sites has been questioned. Currently, trust in social networks uses the single-faceted approach, which is not well personalized and doesn't account for the subjective views of trust according to each user, but only the general trust beliefs of a group of the population. The trust level towards a person cannot be calculated and trust lacks personalization. From our initial survey, we found that most people can share their information without any doubts on OSN, but they normally do not trust all their friends equally and think there is a need for trust management. We found mixed opinions in relation to the proposed rating feature in OSNs too. By adopting the idea of a multi-faceted trust model, a user-centric model that can personalize the comments/photos in a social network with the user's customized traits of trust is proposed. This model can probably solve many of the trust issues towards social networking sites with personalized trust features, in order to keep the postings on social sites confidential and preserve their integrity.
Mobile devices, specifically smartphones, have become ubiquitous. For this reason, businesses are starting to develop “Bring Your Own Device” policies to allow their employees to use their own devices in the workplace. BYOD offers many potential advantages: enhanced productivity, increased revenues, reduced mobile costs and IT efficiencies. However, due to emerging attacks and limitations on device resources, it is difficult to trust these devices with access to critical proprietary information. Therefore, in this paper, the potential attacks on BYOD and a taxonomy of BYOD attacks are presented. Advanced persistent threat (APT) and malware attacks are discussed in depth in this paper. Next, the proposed solution to mitigate the attacks on BYOD is discussed. Lastly, the evaluations of the proposed solutions based on the X.800 security architecture are presented.